Hi Paul,
* Paul Boddie [2017-11-28 23:06:24 +0100]:
> On Monday 27. November 2017 13.52.55 Giovanni Biscuolo wrote:
> > please also consider that many respectable free software supporters are proposing solutions that are **useless tech workarounds**; e.g. looking at https://privacylab.yale.edu/ , in the "What we do" box, I read: "Hosting Tor", "providing TAILS OS", "hardened GNU/Linux", privacy-respecting tools such as PGP/GPG e-mail and E2EE messaging...
>
> I know that you're trying to communicate that control of the hardware is essential,
yes, and since I know that **useless** sounds harsh, I must comment on this
I seriously *love* and use each of the above-mentioned projects _and_ have a profound sense of gratitude for the people behind them; I also know that using that software is *much* better than not using it (I would not be here ;-) )
that said, please consider I used the term **useless** as an analogy in this context: «The summer of 2013 will remain the moment we finally realized how broken the Internet was [1], and how much this had been abused.» (http://youbroketheinternet.org/)
[1] http://secushare.org/broken-internet this page presents a serious analysis of the inherent problems of Internet design and currently proposed solutions, unfortunately just tech workarounds (useless in the context of __documented__ abuses, we still know nothing about the _undocumented_ ones)
so, as long as the statement "Internet is broken by design" should _not_ be discarded just because it's harsh **and** it does not mean people should not use privacy and anonymity enhancing measures provided by the workarounds when using the Internet, please consider not trashing my **useless tech workarounds** "label" :-)
in other words (sorry if I'm stressing this), some computing devices have become **virtual machines** running in a stealth host with a complete OS running on it; you do not have root access to the host, just to the virtual machine (NIBM - aka not invented by me)
everyone relying on virtual machines must know what it means from a privacy and anonymity POV
I'm fine using virtual machines, I'm using a lot of them for my business and for my customers... so to paraphrase the #youbroketheinternet statement above: «The autumn of 2018 will remain the moment Giovanni Biscuolo finally realized how broken *his* computing devices were, and how much this could be abused; anyway he absolutely trusts his vendors, providers, local government and all other governments around the world and he is confident his broken devices will **never** be abused by the unknown root user»
> but those other things still complement efforts to maintain overall control of our computing environments, uphold privacy, and so on. As such, they are not useless.
sorry but I disagree with you :-)
they are very useful for a broad spectrum of attack vectors, but useless on virtual machines for *narrow* but potentially destructive attack vectors
> [...]
> then openly wonder why anyone would bother encrypting things or running secure operating systems.
never said that: I bother with encryption and all other security, privacy and anonymity tech... but they are limited and I use them for plenty of _other_ reasons (e.g. I use LUKS on all my hosts in case of theft)
> So we need to consider all of these things, or at least many of them. These days, I constantly find myself reminding people to beware of the zero-sum game, as they promote their favourite things at the expense of other, equally worthwhile things. This is no different.
I'm not promoting anything, I'm just questioning the proposed solutions in the light of this new "discovery"
...not true, I'm _promoting_ a serious question: can the market alone fix the "CPU as a service" issue?
I've no solution
Ciao Giovanni